Springboot项目中启用Https

参考 Spring Boot中启动HTTPS ,https://www.website-solution.net/ssl-certificate/...Spring Boot中启动HTTPS

SpringBoot 2.0.0新版和SpringBoot1.5.2版本中Tomcat配置的差别（坑）,,Https系列之三：让服务器同时支持http、https，基于spring boot

Spring Boot 配置 SSL 憑證的設定,,HTTP，HTTPS详解以及get post区别，状态码

SSL Certificate(SSL 证书)

    是数字证书的一种，类似于驾驶证，护照和营业执照的电子副本，因为配置在服务器上，也称为SSL服务器证书。SSL 证书遵守SSL协议，由受信任的数字证书颁发机构，在验证服务器身份后颁发，具有服务器身份验证和数据传输加密功能。SSL证书给予网站HTTPS安全协议加密传输与信任功能。SSL证书是用于在Web服务器与浏览器以及客户端之间建立加密链接的加密技术。通过配置和应用SSL证书来启用HTTPS协议，来保证互联网数据传输的安全，全球每天有数以亿计的网站都是通过HTTPS来确保数据安全，保护用户隐私。

1.获取证书

这里自己用如下command 命令生成   并把生成的证书keystore.p12放在 src/main/resource文件夹下

keytool -genkey -alias tomcat  -storetype PKCS12 -keyalg RSA -keysize 2048  -keystore keystore.p12 -validity 3650

生成证书过程如下，需要记住设置的 keystore password

2.添加依赖

<!-- https://mvnrepository.com/artifact/tomcat/tomcat-http11 -->
<dependency>
	<groupId>tomcat</groupId>
	<artifactId>tomcat-http11</artifactId>
	<version>5.0.28</version>
</dependency>

3. 在application.properties中配置HTTPS  这里密码是生成证书时自己设置的密码

#https
server.port=8443
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=123456
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat

4.将HTTP请求重定向到HTTPS（可选）

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ServletWebServerConfiguration {
	@Bean
	public ServletWebServerFactory servletContainer() {
		TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
			@Override
			protected void postProcessContext(Context context) {
				// Due to CONFIDENTIAL and /*, this will cause Tomcat to redirect every request to HTTPS.
				// You can configure multiple patterns and multiple constraints if you need more control over what is and is not redirected.
				SecurityConstraint constraint = new SecurityConstraint();
				constraint.setUserConstraint("CONFIDENTIAL");
				SecurityCollection collection = new SecurityCollection();
				collection.addPattern("/*");
				constraint.addCollection(collection);
				context.addConstraint(constraint);
			}
		};
		tomcat.addAdditionalTomcatConnectors(httpConnector());
		return tomcat;

	}

	@Bean
	public Connector httpConnector() {

		Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
		connector.setScheme("http");
		connector.setPort(8080);
		// if connector.setSecure(true),the http use the http and https use the https
		// else if connector.setSecure(false),the http redirect to https;
		connector.setSecure(true);
		// redirectPort The redirect port number (non-SSL to SSL)
		connector.setRedirectPort(8443);
		return connector;
	}

}

5.启动项目 会有如下log打出

 o.s.boot.web.embedded.tomcat.TomcatWebServer - Tomcat started on port(s): 8443 (https) 8080 (http) with context path ''